9a47f44c4e
hosts/ni: add filesystem setup
2023-07-24 15:24:49 +08:00
87de61fba8
hosts/plover: add Keybase verification key
2023-07-22 10:39:23 +08:00
a2ab1f09a8
hosts/plover: fix Vaultwarden hardened service
2023-07-20 10:42:43 +08:00
b1072a437b
hosts/plover: add and configure Wezterm mux server
...
Not yet fully configured though so we'll have to update the Wezterm
server configuration.
2023-07-20 10:40:47 +08:00
bc3d03ce9e
hosts/graphical-installer: reduce the config with the nixos-generators NixOS module
2023-07-16 18:17:35 +08:00
7a1bf68a34
hosts/bootstrap: reduce the config with nixos-generators NixOS module
2023-07-16 18:17:05 +08:00
2cc6d2bcb6
hosts/graphical-installer: update config
...
It should result in an overall smaller closure size.
2023-07-14 19:59:39 +08:00
5a57c1886b
hosts/bootstrap: update config
...
A little update which should result in a smaller closure size.
2023-07-14 19:59:21 +08:00
214ea6fa6d
hosts/plover: fix erroneous secret for Keycloak service
2023-07-14 14:43:28 +08:00
8c08db2eb2
hosts/plover: use fail2ban jails settings
...
It is nicer compared to the traditional setting with strings.
2023-07-14 14:41:58 +08:00
c3bec31b86
chore: reformat codebase
2023-07-05 16:42:15 +08:00
66317b18bc
hosts/bootstrap: explicitly configure SSH daemon
2023-07-05 16:39:58 +08:00
2e7cdeacf3
hosts: remove host path prefix for sops keys
...
It is more explicit and elegant but more of a pain to manage especially
with the new function. It was structured that way for other hosts'
secrets but it isn't really used in practice. We could just enforce a
convention such as a `hosts` prefix to contain those secrets.
2023-07-05 13:11:47 +08:00
5fbd39adfc
hosts/ni: modularize Wireguard
...
I also added a conditional configuration for systemd-networkd and a
condition for the default which should be enabled when NetworkManager is
enabled. Ideally this should be the default when systemd-networkd is not
enabled but since they are the only network manager, we'll let it slide.
2023-07-05 11:40:40 +08:00
ba3af47cb5
hosts/ni: create system-wide nixpkgs config
2023-07-05 11:39:44 +08:00
fdd723ca33
config: convert to lib.getSecrets
2023-07-05 11:38:58 +08:00
6bd59ccfd4
docs: update notes on Plover
2023-07-02 20:21:49 +08:00
c89c29ac10
hosts/plover: update hardware configuration
2023-07-02 20:21:29 +08:00
da24dd1214
hosts/ni: add fstrim service
2023-07-02 19:24:56 +08:00
f27b7e045c
hosts/plover: modularize Borg backup paths
2023-07-02 12:23:50 +08:00
dd1b2b0638
hosts/plover: fix Gitea dump cleanup
2023-07-01 16:29:29 +08:00
35ef89a312
hosts/plover: update Borg SSH key
2023-06-30 22:31:14 +08:00
f799b6dc1e
hosts/ni: remove doas
...
I'll just learn more about how to configure sudo properly then.
2023-06-30 14:30:59 +08:00
cb54c33afc
hosts/plover: add disko device config
2023-06-30 13:38:38 +08:00
9af237e242
hosts/ni: add disko device config
2023-06-30 13:38:22 +08:00
33b8dfe9c6
hosts/plover: enable DNS-over-TLS for Bind
2023-06-30 10:48:10 +08:00
ffad85fa70
hosts/plover: enable nginx-bad-request jail
2023-06-30 10:47:02 +08:00
831022bf22
hosts/plover: enable DH params generation
...
This is for certain applications as we'll see.
2023-06-30 10:46:43 +08:00
53f7cf6e83
chore: reformat codebase
2023-06-29 14:17:38 +08:00
9c3d3901ab
hosts/plover: update Bind secrets permission
2023-06-29 09:46:35 +08:00
a8aef35c5c
hosts/plover: update Bind server config
2023-06-29 09:44:55 +08:00
c9440205cf
hosts/plover: update Vaultwarden admin token
2023-06-28 19:37:10 +08:00
94c94be9a4
hosts/plover: harden Vaultwarden service
2023-06-28 14:01:18 +08:00
8043b8d16c
hosts/plover: update Bind hardening settings
2023-06-28 14:01:02 +08:00
38321152f0
hosts/plover: remove CoreDNS module
...
Bind works well enough for now so no need for this service.
2023-06-28 09:12:56 +08:00
88c0c9aa75
hosts/plover: update service files to backup
2023-06-27 22:49:49 +08:00
8a84eb2445
hosts/plover: move Wireguard secrets to appropriate location
2023-06-27 20:52:57 +08:00
e76a881aee
hosts/plover: update Wireguard routing
2023-06-27 12:54:29 +08:00
4dcb82c72b
hosts/plover: update PostgreSQL cert config
2023-06-27 12:53:50 +08:00
1e2d251e1d
hosts/plover: harden Bind systemd service
2023-06-28 00:19:06 +08:00
d98527c89b
hosts/plover: update Bind config for dynamic updates
2023-06-27 22:56:18 +08:00
dc01a2d2f1
hosts/graphical-installer: re-disable wireless module
...
I forgot why it's there. Now I remember. :)
2023-06-23 15:44:19 +08:00
c81038e609
hosts/graphical-installer: update config
2023-06-23 11:46:37 +08:00
218e5cd724
hosts/bootstrap: update config
2023-06-23 11:46:21 +08:00
36e2a817ae
hosts/plover: fix Wireguard firewall settings
2023-06-22 23:17:28 +08:00
482e90efaa
hosts/plover: update zone file to include self-hosted DNS server
2023-06-22 22:52:17 +08:00
2688064651
hosts/plover: add TLS support for PostgreSQL
2023-06-22 18:05:54 +08:00
ff3dd9d3f7
hosts/plover: update nameserver list
...
With the right configuration alongside systemd-resolved, it shouldn't be
much of a problem.
2023-06-22 18:03:21 +08:00
9cfe72a62c
docs: update Plover config notes
2023-06-22 18:02:23 +08:00
4b2777cda2
hosts/plover: change network attribute name
...
It is somewhat not great naming at first.
2023-06-22 18:01:19 +08:00
